@hacks4pancakes At one point there was a best practice of air gapping those industrial systems from the internet. Is that still the case? As a practical matter, are systems like that air gapped? And does air gapping as actually implemented help defend against attacks, and why or why not? Anything else about air gapping?
@david42 I see maybe two airgaps a year doing it daily outside of nuclear and defense. They’re mostly a myth now and have been for at least a decade. Too much efficiency and reduced staffing gained by networking. We even see cloud now. Vendors demand connections to provide warranty support.
@hacks4pancakes I could imagine a setup with a physical airgap that can be connected for maintenance and then disconnected, but I guess anything like that requires hands and time, and sounds like the industry is "optimizing" that out.
@david42 Correct. I have seen remote access that’s connected and disconnected but it’s rarer all the time. It’s mostly just a normal DMZ between IT and the process environment, and those are as good as you make them.
@hacks4pancakes @david42 this kind of setup (OT and IT network separated) is supposed to be the standard in the marine space but I have yet to find a case where there wasn't something bridging the gap. a lot of the time it's intentional (remote monitoring) but it's also not uncommon that a contractor plugged a patch lead between the switches and then forgot to remove it. all the networked gear is serviced on-site by the vendor so rigid change control is borderline impossible.